Introduction
With the phenomenal growth of the Internet witnessed today, the greatest concern for the modern user is the security of their private data. Computers all over the world have interconnected to form a global network of personal, institutional, business, and corporate systems sharing massive amounts of data. The Internet has provided a platform for sharing personal, financial, medical, and many other forms of very important private data.
Users transmit this data from one computer to another over public telecommunication links and systems. This is where serious dangers arise: data theft, exposure of private data, unauthorised access to private data, data loss, impersonation, and so on. Furthermore, these could lead to huge financial losses for both individuals and organisations.
Private users and organisations will usually implement levels of security on their computers such as user names and accounts, encryption, antivirus and antimalware software, and so on. However, they have no control over the public telecommunications systems that they use to transmit their private data. This is the challenge that this credit card company must address to ensure the security of its operations, especially because, as a financial company, it would be a major target for hackers, fraudsters, and thieves. Its global client base and the resulting volume of financial transactions are a big attraction to cyber criminals, who exploit remote processing and the anonymity that the Internet provides to steal money from both individuals and organisations.
According to Touryalai (2012), credit card fraud is on the rise, with countries such as the United States of America and Mexico recording fraud incidences of up to 44% of credit card users. Most people increasingly opt to pay for goods and services using debit cards, credit cards and prepaid cards, thereby providing a wider playing field for fraudsters to cast their diabolical nets. Of even greater concern to this credit card company is the fact that credit cards face higher incidences of fraud than any other card, with countries such as the US reporting about 37% incidences of credit card fraud on its users (Touryalai, 2012).
The company must therefore invest heavily in the security of its computer systems and also the technology on the credit cards in order to overcome this vice.
Network Threats and Security
Credit cards provide convenience for the payment of goods and services in many outlets all over the world. Therefore, to provide credit card services to users, a company must invest in a global network infrastructure that is available at every moment and location. The company has no capacity to provide all the necessary funds, equipment, personnel and legal documentation in every country in the world. For this reason, the credit card company will be forced to connect its computer network to all other networks that provide supporting services, such as banks, hotels, supermarkets, educational institutions, government systems, personal devices, and so on, to give its services a global reach.
Cisco (2015) reiterates that joining the Internet will expose the credit card company to serious computer security threats such as hacking attacks, viruses, malware, spyware, adware, eavesdropping, data theft, identity theft and impersonation, denial of service (DoS) attacks, and many other forms of cyber crime.
These attacks may lead to huge financial losses that could make the company go under. Cisco (2015) argues that such attacks disrupt business activities; a DoS attack, for example, disables the company's services for many hours. Besides hurting customers, it also reduces employee productivity through the many lost man-hours. The attacks may also lead to the exposure or loss of customer data, which in turn may result in legal suits against the company, causing it further losses. Worse still, when the operations of a company are disabled by such attacks, the public loses confidence in the company, damaging its reputation and costing it clientele.
Network security is one of the most important functions of a credit card company. A security training organisation, SANS Institute (2015), describes network security as the use of both physical means and software solutions to protect a computer network from persistent threats, which include unauthorised access to a system and its data, interference, unauthorised modification, system destruction, and exposure of private data, thereby enabling the users, computers and software to operate within a safe environment.
Fundamentals of Firewalls
The greatest challenge for users of the Internet is restricting external users who are mostly malicious, from accessing their computer systems. This is where a firewall comes in handy. The Microsoft Corporation (2014) describes a firewall as either a computer program or a physical device that prevents hackers and malware such as viruses and worms from gaining access into a private network or computer.
Scarfone et al (2009, p.2-2) provide a deeper insight into firewalls, explaining that the function of a firewall is to control how hosts with different security architectures share information on the network. A firewall performs its function between the host and the network. It does this by providing an interface to the host (internal) and an interface to the network (external). This way the company will be able to prevent attacks from the external environment and thus remain protected.
Virtual Private Network (VPN)
A virtual private network is a secure network utilising the services of a less secure network. Rouse (2015) describes a VPN as a network that provides encryption and transmits the encrypted data over a less secure network, such as a public system. This removes the need for the company to build its own transmission network between sites, which would otherwise be too expensive. Geier (2013) explains that a VPN is created by transmitting data through encrypted tunnels over an insecure network. He advises that the company can securely transmit its data across the Internet between different sites, such as remote terminals, through a VPN.
VPNs also provide secure connectivity for mobile users (Geier, 2013). This is a major plus for credit card users because the usefulness and convenience of credit cards lies in their portability and mobility. The fact that the credit card company offers worldwide services will necessitate that it has offices and servers in different parts of the world. Geier (2013) argues that VPNs provide a secure and efficient link between servers at remote locations. The following image provided by Geier (2013) depicts the working of a VPN.
Proposed Solutions and Practices
Cisco (2015) advises that the credit card company may implement security measures which include the use of antivirus and antispyware software, the use of physical and logical firewalls to prevent external access from hackers, installation of intrusion prevention systems (IPS) that detect and restrict evolving daily threats, and the use of virtual private networks (VPN) to allow the company secure access over public systems.
There is a common misconception that firewalls only serve to restrict external aggression from hackers over the Internet. Scarfone et al (2009, p.2-2) dispel this notion, advising that firewalls may be used internally in an organisation to protect sensitive areas from access by users who do not enjoy sufficient privileges, for example junior staff. They cite the payment card industry as a good example of an application where internal firewalls provide an extra layer of protection against fraud from within the organisation. Thus a firewall would be a good line of defence against fraud emanating from the employees of the organisation.
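The internal-firewall idea above, as an added example that is not taken from the cited sources: a first-match, default-deny policy evaluator in which staff machines are kept out of the cardholder-data segment just as external hosts are. The zone names, address ranges and ports are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

# Constructed zones: address ranges are illustrative, not from any real network.
ZONES = {
    "cardholder_data": ipaddress.ip_network("10.10.50.0/24"),
    "payment_apps": ipaddress.ip_network("10.10.20.0/24"),
    "staff_lan": ipaddress.ip_network("10.10.0.0/16"),
    "external": ipaddress.ip_network("0.0.0.0/0"),
}

def zone_of(addr: str) -> str:
    """Return the most specific zone containing addr (longest prefix wins)."""
    ip = ipaddress.ip_address(addr)
    matches = [(net.prefixlen, name) for name, net in ZONES.items() if ip in net]
    return max(matches)[1]

@dataclass(frozen=True)
class Rule:
    src_zone: str
    dst_zone: str
    port: int
    action: str  # "allow" or "deny"

# Ordered policy: the first matching rule decides.
POLICY = [
    Rule("payment_apps", "cardholder_data", 5432, "allow"),  # app tier to database
    Rule("external", "payment_apps", 443, "allow"),          # customers reach the HTTPS front end
    Rule("staff_lan", "payment_apps", 443, "allow"),         # staff use the same front end
]

def decide(src: str, dst: str, port: int) -> str:
    """Evaluate a connection attempt; anything not explicitly allowed is denied."""
    s, d = zone_of(src), zone_of(dst)
    for rule in POLICY:
        if (rule.src_zone, rule.dst_zone, rule.port) == (s, d, port):
            return rule.action
    return "deny"  # default deny covers outsiders and unprivileged insiders alike

if __name__ == "__main__":
    for src, dst, port in [("10.10.20.7", "10.10.50.5", 5432),
                           ("10.10.3.4", "10.10.50.5", 5432),
                           ("203.0.113.9", "10.10.20.7", 443)]:
        print(f"{zone_of(src)} -> {zone_of(dst)}:{port} = {decide(src, dst, port)}")
```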
Another major advantage of a firewall, according to Scarfone et al (2009, p.2-2), is that some firewalls provide an inbuilt intrusion prevention system (IPS). This means the company will not need to invest in an expensive IPS. Operating systems such as Linux and Windows have a built-in firewall. That means that, simply by acquiring a good operating system (OS), the organisation would obtain a firewall and an IPS that, if well configured, provide a security package. An IPS built onto a firewall provides defence against active daily attacks that would otherwise damage the system.
According to Touryalai (2012), the credit card company can enhance the security of its cards by adopting the microchip-based Europay-Mastercard-Visa (EMV) standard because it provides another layer of defence against fraud. The Bank of America Corporation (2015) describes an EMV card as a plastic debit or credit card which has both the traditional magnetic strip and a microchip. The microchip enhances security by providing encryption for data at card terminals. The card may also work in conjunction with handheld devices such as pocket readers and mobile phones. Again, when a client uses an EMV card for purchases, the chip provides a unique identity which helps to detect counterfeit cards. Copying chip cards is a very difficult and unlikely process. Furthermore, the EMV chip card may be used by simply waving or tapping it at a point-of-sale (POS) terminal without inserting it into a reading device, because it has a radio transmitter. This makes it even more secure.
References
Bank of America Corporation. (2015). Protecting your information FAQs - About Chip Cards. Privacy and Security. Retrieved June 30, 2015, from https://www.bankofamerica.com/privacy/faq/emv-chip-card-faq.go
Cisco. (2015). What is Network Security? Retrieved June 29, 2015, from http://www.cisco.com/cisco/web/solutions/small_business/resource_center/articles/secure_my_business/what_is_network_security/index.html?referring_site=smartnavRD
Geier, E. (2013). How and why to set up a VPN today. PCWorld Magazine. Retrieved June 30, 2015,
Microsoft Corporation. (2014). What is a Firewall? Safety and Security Centre. Retrieved June 30, 2015, from https://www.microsoft.com/security/pc-security/firewalls-whatis.aspx
Rouse, M. (2015). Virtual Private Network (VPN). TechTarget. Retrieved June 6, 2015, from http://searchenterprisewan.techtarget.com/definition/virtual-private-network
SANS Institute. (2015). Network Security Resources. Retrieved June 30, 2015, from http://www.sans.org/network-security/
Scarfone, K., Hoffman, P. (2012). Guidelines on Firewalls and Firewall Policy. NIST Special Publication 800-41 Revision 1. Retrieved June 30, 2015, from http://csrc.nist.gov/publications/nistpubs/800-41-Rev1/sp800-41-rev1.pdf
Touryalai, H. (2012). Countries With the Most Card Fraud. Forbes Magazine. Retrieved June 30, 2015, from http://www.forbes.com/sites/halahtouryalai/2012/10/22/countries-with-the-most-card-fraud-u-s-and-mexico/